HOLISTIC SECURITY

INFORMATION SECURITY

When it comes to information assurance you need to take a wide view of the issues, says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.

Information assurance (IA) is what information security people do to try and manage risks associated with information and data. This covers the people, processes and systems that might access, store, process, and transmit it. It should be holistic, and focus on more than just technical security controls, taking on board strategic and organisational issues too.

IA should consider governance and compliance issues alongside the risk ones, paying due regard to legal, regulatory and contractual compliance.

It is not simply an IT or technical discipline where techies can work in isolation from the real world; often it requires a delicate balance when people and cultural conflict are possible, e.g. with BYOD.

Other balances must be struck when considering aspects of privacy and transparency, weighing obligations against benefits and risks.

A good IA professional tries to rarely say no, preferring to understand what the business is trying to achieve and then working collaboratively with it to arrive at a suitable method of getting the desired result.

Those working in IA must continue to stay on top of standards and good practice, advances in technologies and emerging issues that may impact particular approaches and change risk profiles (e.g. online communications and cloud computing being targeted by foreign governments).

Most of all, they must engage positively with their business.

Working in this space is both challenging, with everything continually developing, and rewarding, especially when playing a part in defending your organisation, client or country.

www.bcs.org/security

FURTHER INFORMATION

Information Security Specialist Group (ISSG): www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity

doi:10.1093/itnow/bwt043 ©2013 The British Computer Society Image: iStockPhoto/168767483

24 ITNOW September 2013
